#dos

A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.

A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer.

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service.

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. ### Impact The _strvals_ package contains a parser that turns strings into Go structures. For example, the Helm client has command line flags like `--set`, `--set-string`, and others that enable the user to pass in strings that are merged into the values. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with i...

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5.0 and .NET core 3.1 where a malicious client can can cause a denial of service when HTML forms are parsed. ### Affected software * Any .NET 6.0 application running on .NET 6.0.4 or earlier. * Any .NET 5.0 application running .NET 5.0.16 or earlier. * Any .NET Core 3.1 application running on .NET Core 3.1.24 or earlier. #### Affected packages **.NET Core 3.1** | Package name | Affected version | Patched version | |---------------------------------------------------|---------------------|---------------| | Microsoft.AspNetCore.App.Runtime.win-x64 | >=3.0.0,3.1.24 | 3.1.25 | | Microsoft.AspNetCore.App.Runtime.linux-x64 | >=3.0.0,3....

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5.0 and .NET core 3.1 where a malicious client can manipulate cookies and cause a Denial of Service. ### Affected software * Any .NET 6.0 application running on .NET 6.0.4 or earlier. * Any .NET 5.0 application running .NET 5.0.16 or earlier. * Any .NET Core 3.1 application running on .NET Core 3.1.24 or earlier. #### Affected packages **.NET Core 3.1** | Package name | Affected versions | Patched versions | |---------------------------------------------------|-------------------|------------------| | Microsoft.Owin.Security.Cookies | <=4.21 | 4.22 | | Microsoft.Owin.Security | <=4.21 ...

Ubuntu Security Notice 5588-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code.